Hi Bastien,

Thanks much for your answer.

Even if I programmed my own pairing agent, I can't see how I could achieve having a fixed PIN for incoming requests. When I register my agent, I can choose one of the following capability options [according to the BlueZ Agent API]:

- NoInputNoOutput, DisplayYesNo, KeyboardOnly: I can just programmatically decide based on the client's BD address if I accept the pairing or not
- DisplayOnly, KeyboardDisplay: at the time of pairing, the agent already receives the PIN, and can just decide if it's accepted. But this PIN is not entered by the mobile phone (client) user, it's just fabricated (randomly?) somewhere inside the pairing process. Actually, the mobile phone user is queried with the same PIN and can only accept it too.

All in all, my agent is never asked to return the PIN. The agents built into bluetoothctl or the bluez-tools you pointed to behave roughly the same.

Am I missing something, some other use case of a pairing agent? It seems weird to me that for an old version of BlueZ (4?), I have found something like the 'bluetooth-agent 1234' command instantly doing what I need... But I don't know exactly.

Thank you!
Libor Peltan

-----Original Message-----
From: Bastien Nocera [mailto:hadess@xxxxxxxxxx]
Sent: Wednesday, 8 August 2018 14:19
To: Libor Peltan <lpeltan@xxxxxxxxxxxx>; linux-bluetooth@xxxxxxxxxxxxxxx
Subject: Re: bt "server" how to configure requiring passkey from connecting clients

On Tue, 2018-08-07 at 09:43 +0000, Libor Peltan wrote:
> Hello,
> I'm preparing a bluetooth "access point" using BlueZ 5.47, so that for
> example mobile phones can connect to it, and further use PAN profile
> (which is not part of this question). So far it works well, just using
> the JustWorks pairing method.
>
> I'd like to secure this a little bit, not allowing anyone to pair,
> rather to request passkey (let's say hardcoded string) before
> accepting pairing requested by a client mobile phone.
>
> After searching through documentation and much googling, I don't see
> any hints how to achieve this.
>
> I found some information about pairing agents in BlueZ5, both in
> bluetoothctl and custom (programming them seems complicated but viable
> and I cannot use simple-agent since I don't have python on my
> machine), but all the usecases seem to target on BlueZ being the
> client, who initiates pairing, and the agent takes care of inputting
> passkey required by the other side - which is the opposite of what I
> need.
>
> How to configure BlueZ5 to require passkey from any incoming pairing
> requests?
>
> Thanks very much for your answers!

You need a pairing agent to do this sort of thing, and bluez itself doesn't ship any such tools for headless use.

Your best bet is using the "bluez-tools" repo:
https://github.com/khvzak/bluez-tools

I've used them successfully on headless devices. In your case, you could have the pairing agent (bt-agent) be started for X seconds after a button press for example.

If you want something more complicated, you'll need to implement your own agent, the test/simple-agent Python script in the bluez sources is probably a good start.

Cheers
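
The agent callbacks discussed in this thread, as an added example that is not part of the original messages and is not BlueZ or bluez-tools code: a minimal headless org.bluez.Agent1 written against dbus-python. BlueZ calls RequestPinCode only for legacy PIN-code pairing; FIXED_PIN, ALLOWED and AGENT_PATH are constructed values, and the allow-list policy is an assumption.

```python
"""Headless BlueZ 5 pairing agent sketch (added example, not BlueZ code)."""
FIXED_PIN = "4711"                 # constructed sample PIN
ALLOWED = {"AA:BB:CC:DD:EE:FF"}    # constructed allow-list of BD addresses
AGENT_PATH = "/example/agent"      # hypothetical D-Bus object path

def bdaddr(device_path):
    """'/org/bluez/hci0/dev_AA_BB_CC_DD_EE_FF' -> 'AA:BB:CC:DD:EE:FF'."""
    return device_path.rsplit("/dev_", 1)[-1].replace("_", ":").upper()

def may_pair(device_path):
    """Policy for callbacks where the agent can only accept or reject."""
    return bdaddr(device_path) in ALLOWED

def main():
    # Imported here so the policy above can be tested without D-Bus.
    import dbus, dbus.service, dbus.mainloop.glib
    from gi.repository import GLib

    class Rejected(dbus.DBusException):
        _dbus_error_name = "org.bluez.Error.Rejected"

    class Agent(dbus.service.Object):
        # Legacy PIN pairing: the phone user must type the same string.
        @dbus.service.method("org.bluez.Agent1", in_signature="o", out_signature="s")
        def RequestPinCode(self, device):
            return FIXED_PIN

        # Secure Simple Pairing numeric comparison: the 6-digit value is
        # computed during pairing, so the agent can only accept or reject.
        @dbus.service.method("org.bluez.Agent1", in_signature="ou", out_signature="")
        def RequestConfirmation(self, device, passkey):
            if not may_pair(device):
                raise Rejected("device not on allow-list")

        # Incoming pairing that would otherwise be Just Works.
        @dbus.service.method("org.bluez.Agent1", in_signature="o", out_signature="")
        def RequestAuthorization(self, device):
            if not may_pair(device):
                raise Rejected("device not on allow-list")

    dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
    bus = dbus.SystemBus()
    agent = Agent(bus, AGENT_PATH)  # keep a reference while the loop runs
    manager = dbus.Interface(bus.get_object("org.bluez", "/org/bluez"),
                             "org.bluez.AgentManager1")
    manager.RegisterAgent(AGENT_PATH, "KeyboardDisplay")
    manager.RequestDefaultAgent(AGENT_PATH)
    GLib.MainLoop().run()

if __name__ == "__main__":
    main()
```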